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A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
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- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 
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1 )KI Responsive to communication(s) filed on 17 May 2008 . 
2a )□ This action is FINAL. 2b)^ This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 
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Application Papers 
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20 Certified copies of the priority documents have been received in Application No. . 

3.Q Copies of the certified copies of the priority documents have been received in this National Stage 
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DETAILED ACTION 



In view of the Appeal Brief filed on 5/17/08, PROSECUTION IS HEREBY REOPENED. A new ground of 
rejection is set forth below. 

To avoid abandonment of the application, appellant must exercise one of the following two options: 

(1 ) file a reply under 37 CFR 1.111 (if this Office action is non-final) or a reply under 37 CFR 1.113 (if this 
Office action is final); or, 

(2) initiate a new appeal by filing a notice of appeal under 37 CFR 41 .31 followed by an appeal brief 
under 37 CFR 41.37. The previously paid notice of appeal fee and appeal brief fee can be applied to the 
new appeal. If, however, the appeal fees set forth in 37 CFR 41 .20 have been increased since they were 
previously paid, then appellant must pay the difference between the increased fees and the amount 
previously paid. 

A Supervisory Patent Examiner (SPE) has approved of reopening prosecution by signing below: 



Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1 ) an application for patent, published under section 1 22(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 



Claims 1-14 are rejected under 35 U.S.C. 102(b) as being anticipated by Hollander US 
Patent No. 6823460. 
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As per claim 1, 8 and 14 Hollander teaches: 

A method for detecting malicious software within or attacking a computer system, said method comprising 
the steps of: 

in response to a system call, executing a hook routine at a location of said system call to 

(a) determine a data flow or process requested by said call, 

[see col. 6, lines 7-1 1, wherein types of system calls are detected.] 

(b) determine another data flow or process for data related to that of said call, 

[see col. 6, lines 12-20, wherein the types of system calls include process creation and process 
termination] 

(c) automatically generate a consolidated information flow diagram showing said data flow or process of 

said call and said other data flow or process, and after steps (a-c), 

[see fig. 7, wherein the API flow table is considered analogous to a "consolidated information flow 
diagram'] 

(d) call a routine to perform said data flow or process requested by said call. 

[see fig. 10, element 200] 

As per claim 2, Hollander teaches: 

A method as set forth in claim 1 , wherein a user monitors said information flow diagram and compares the 
data flow or process of steps (a) and (b) with a data flow or process expected by said user. 
[see col. 2, lines 45-52, "predefined rules'] 

As per claim 3 and 9, Hollander teaches: 

A method as set forth in claim 1 , wherein said information flow diagram illustrates locations of said data at 
stages of a processing activity. 

[see fig. 3, elements 154-165] 
As per claim 4 and 10, Hollander teaches: 
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A method as set forth in claim 1 , wherein said system call is selected from the set of: open file, copy file to 
memory, copy memory to register, mathematical functions, write to file, and network or communication 
functions. 

[see col. 3, lines 64-67 and col. 4, lines 1-10] 
As per claim 5 and 11, Hollander teaches: 

A method as set forth in claim 1 , wherein said system call is a software interrupt of an operating system. 
[see col. 1, lines 65-67 and col. 2, lines 1-3, and rejection of claim 4] 

As per claim 6 and 12, Hollander teaches: 

A method as set forth in claim 1 , wherein said system call causes a processor to stop its current activity 
and execute said hook routine. 
[see fig. 2, element 56] 

As per claim 7 and 13, Hollander teaches: 

A method as set forth in claim 1 wherein said system call is made by malicious software. 
[see col. 1, lines 65-67 and col. 2, lines 1-3] 



CONCLUSION 

Any response to this Office Action should be faxed to (571) 273-8300 or mailed to: 

Commissioner for Patents 
P.O. Box 1450 
Alexandria, VA 22313-1450 

Hand-delivered responses should be brought to 

Customer Service Window 
Randolph Building 
401 Dulaney Street 
Alexandria, VA 22314 
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Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to Daniel L. Hoang whose telephone number is 571-270-1019. The examiner can normally 
be reached on Monday - Thursday, 8:00 a.m. - 5:00 p.m., EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 

Nasser Moazzami can be reached on 571-272-4195. The fax phone number for the organization where 

this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application maybe obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be 
obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR system, 
see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

/Daniel L. Hoang/ 
Examiner, Art Unit 2136 

/Nasser G Moazzami/ 

Supervisory Patent Examiner, Art Unit 2136 



